Hi Raymond,

Have you ever solved this? I just came across the same issue in CAS 4.1.7

Thanks,
--Michael

On Wednesday, January 18, 2017 at 12:47:20 PM UTC-5, ray.walker wrote:
>
> In CAS 4.1...
>
> I had LDAP authentication working with cas-mfa overlay, with the default attribute stub DAO. I wanted to enable LDAP based attribute mapping, as the cas-mfa overlay doesn’t seem to pull from the principal attributes gathered during authentication. This means cas-mfa “per attribute” settings don’t work as expected. So, when enabling the LdaptivePersonAttributeDao:
>
> As per: https://apereo.github.io/cas/4.1.x/integration/Attribute-Resolution.html
>
> (commons collections in pom, etc.)
>
> <bean id="attributeRepository"
>       class="org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao"
>       p:connectionFactory-ref="searchPooledLdapConnectionFactory"
>       p:baseDN="${ldap.authn.baseDn}"
>       p:searchControls-ref="searchControls"
>       p:searchFilter="uid={0}">
>     <property name="resultAttributeMapping">
>         <map>
>             <!--
>                | Key is LDAP attribute name, value is principal attribute name.
>                -->
>             <entry key="uid" value="uid" />
>             <entry key="cn" value="cn" />
>             <entry key="mail" value="mail" />
>             <entry key="nauedumemberof" value="nauedumemberof" />
>         </map>
>     </property>
> </bean>
>
> <bean id="searchControls"
>       class="javax.naming.directory.SearchControls"
>       p:searchScope="2"
>       p:countLimit="10" />
>
> I get the following log/error (after successful password/user login, denied ticket and kicked back to login):
>
> 2017-01-18 10:18:12,209 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP authentication for rdw4>
> 2017-01-18 10:18:12,288 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [org.ldaptive.auth.AuthenticationResponse@1697294702::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[dn=naueduregid=XXXXXXXXX,ou=people,dc=nau,dc=edu[[uid[rdw4]], [mail[[email protected]]], [nauedumemberof[(attributes removed for brevity)]], [cn[Raymond Drew Walker]]], responseControls=null, messageId=-1], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]>
> 2017-01-18 10:18:12,290 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [cn[Raymond Drew Walker]]>
> 2017-01-18 10:18:12,290 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [mail[[email protected]]]>
> 2017-01-18 10:18:12,290 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [nauedumemberof[(attributes removed for brevity)]]>
> 2017-01-18 10:18:12,293 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler successfully authenticated rdw4>
> 2017-01-18 10:18:12,294 DEBUG [org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver] - <Attempting to resolve a principal...>
> 2017-01-18 10:18:12,294 DEBUG [org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver] - <Creating SimplePrincipal for [rdw4]>
> 2017-01-18 10:18:12,295 DEBUG [org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao] - <Created seed map='{username=[rdw4]}' for uid='rdw4'>
> 2017-01-18 10:18:12,295 DEBUG [org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao] - <Adding attribute 'username' with value '[rdw4]' to query builder 'null'>
> 2017-01-18 10:18:12,295 DEBUG [org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao] - <Constructed LDAP search query [uid=rdw4]>
> 2017-01-18 10:18:12,296 DEBUG [org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao] - <Generated query builder '[org.ldaptive.SearchFilter@-2004784735::filter=uid={0}, parameters={0=rdw4}]' from query Map {username=[rdw4]}.>
> 2017-01-18 10:18:12,332 DEBUG [org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao] - <Converted ldap DN entry [naueduregid=XXXXXXXXX,ou=people,dc=nau,dc=edu] to attribute map { (attributes removed for brevity) }>
> 2017-01-18 10:18:12,344 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [UsernamePasswordCredential] for audit>
> 2017-01-18 10:18:12,345 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: rdw4
> WHAT: 'principal' cannot be null.
> Check the correctness of @Audit annotation at the following audit point: execution(public abstract transient org.jasig.cas.authentication.Authentication org.jasig.cas.authentication.AuthenticationManager.authenticate(org.jasig.cas.authentication.Credential[]))
> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
> APPLICATION: CAS
> WHEN: Wed Jan 18 10:18:12 MST 2017
> CLIENT IP ADDRESS: 134.114.112.199
> SERVER IP ADDRESS: 134.114.213.249
> =============================================================
>
> Why is this happening?
>
> —
> Raymond Walker
> Software Systems Engineer StSp.
> ITS Northern Arizona University
